cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
785
Views
0
Helpful
5
Replies

Seperate Mail Flow for Emails through TLS and Non-TLS destination domains.

raheel1777
Level 1
Level 1

We have recently purchased Cisco ESA 6000v. We want to implement ESA in such a way that there are separate email flow for outgoing emails for TLS and Non-TLS destination domains.

For TLS the destination domains should be resolved through publically available DNS.

For Non-TLS destination domains email should be handed over to ISP for further sending to destinations.

Please suggest how to implement above scenario in ESA for outbound emails.

5 Replies 5

Mathew Huynh
Cisco Employee
Cisco Employee

Hello Raheel,,

You can set this up on your ESA via the GUI > Mail Policies > Destination Controls

Where you can set a default or create entries for those domains which you wish to use TLS for.

Essentially create entries for your domains to be handed to ISP to have TLS disabled, while setting the Default setting to TLS enabled.

Regards,

Matthew

Thanks for the reply. Yes you are right we can enforce TLS for outbound through destination control.

1 - But my main question is that where we will control that destination TLS domain should be resolved through eg. google DNS.

2- Without TLS domain should be handed over to ISP IP address eg. 10.1.1.1 where no DNS resolve action for destination domain is required.

Hello Raheel,

Thank you for your clarification.

On the ESA the only options to enforce TLS for outgoing is by domain through the destination control usage.

Regards,

Matthew

Thanks for your reply.

Ok let me put the question other way that how we can separate mail flow of two different destination domains. One through ISP and second through MX resolve through some public DNS.

Please suggest separate mail flow paths configuration.

Hello Raheel,

From the ESA i do not believe it is possible to distinguish emails which will be send through ISP and through MX (from Public DNS) through a feature means to make those setting requirements.

Regards,

Matthew